Topic

Oracle

A collection of 41 issues

CVE-2022-38339 An older version of Safe Software FME Server contains a XSS vulnerability that allows attackers to execute arbitrary web scripts or HTML.

This XSS flaw may lead to information leak or may be exploited by hackers to conduct session hijacking or clickjacking. Vulnerable versions of FME Software can be exploited via malicious email or instant messages, or via malicious web pages. What’s worse, the latest version of FME Software, v2021.2.

CVE-2022-34734 Microsoft ODBC Driver Remote Code Execution Vulnerability

This issue was disclosed by a researcher from Tencent Security in a research paper released on January 11, 2019. The researcher found an issue in the Python Remote Connector (pymysqlnd) that can be exploited by an attacker to execute arbitrary code on the server. This issue affects all versions of

CVE-2022-34732 Microsoft ODBC Driver Remote Code Execution Vulnerability

This vulnerability has been assigned the following unique identifier: CVE-2019-1773. A remote code execution vulnerability has been discovered in the Microsoft ODBC Driver that could allow an attacker to execute code on the target system when a user connects to an affected system using Microsoft SQL Server. This vulnerability is

CVE-2022-36259 An SQL injection vulnerability in ConnectionFactory.java of InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands.

The vulnerable code is present in the method ‘getConnectionFactory()’ which is responsible for connecting new user to InventoryManagementSystem. ConnectionFactory class is abstract and extends DatabaseConnection class. Therefore, it provides common methods like ‘getConnection()’, ‘setEncoding()’, etc. The getConnectionFactory() method receives an attacker-controlled string as an input which is vulnerable to SQL

CVE-2021-44835 An issue was found in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized.

This problem can lead to data being exposed in the query like this example where a user name and password are input in the Vdc parameter. With the potential to cause a lot of damage with only a few lines of SQL, this is a critical security risk. When installing

CVE-2022-1869 Confusion in V8 allowed a remote attacker to exploit heap corruption.

This issue did not affect most users, as the browser tried to prevent this by performing strict type enforcement. However, since the type system was not complete, there was a small window where a user could execute arbitrary code. In the released versions of Google Chrome, updated address sanitization rules

CVE-2022-0972 An attacker who convinces a user to install a malicious extension can exploit heap corruption in Chrome.

This issue was addressed by restricting the permissions of extensions installed through the Chrome Web Store. Red Hat Enterprise Linux 7 provides mitigations against a regression in VMWare Workstation 12, which could previously be exploited by attackers to conduct remote code execution. This issue was addressed by upgrading VMWare Workstation

CVE-2022-21549 Oracle Java SE, Oracle GraalVM Enterprise Edition is affected by a vulnerability in the Libraries component. The vulnerability could allow a remote attacker to obtain system privileges.

by using the sendMessage API with a crafted object. The attacker cannot inject malicious code using the Java language, but can instead use scripting languages such as JavaScript or Python. When Graal runs untrusted code, Graal cannot ensure that the code has not been altered or compromised by a remote

CVE-2022-21541 Oracle Java SE product has a vulnerability.

- The attacker must compromise the Java Security Manager to exploit this vulnerability. An attacker must have access to the network to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. An attacker cannot directly exploit this vulnerability. Instead, they would likely attempt to persuade users to visit a malicious site

CVE-2022-33915 The Amazon AWS Log4j hotpatch package is affected by a race condition that could lead to a local privilege escalation.

In most cases, the hotpatch will run successfully. However, if the process exec()s a SUID binary and the process has not been observed, the exec() may perform a race between the process observing the process path and the process observing the effective user ID. The race condition could lead